<?php
// The access check further down reads $_SESSION, so open the session first
// unless something earlier in the request already did.
if (isset($_SESSION) === false) {
  session_start();
}
// Settings for the "Restrict Access To Page" check below.
// $MM_authorizedUsers is passed to isAuthorized() as its group list; it is empty here.
// $MM_donotCheckaccess is not read anywhere in the visible part of this file.
$MM_authorizedUsers = '';
$MM_donotCheckaccess = 'true';

// *** Restrict Access To Page: Grant or deny access to this page
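/**
 * Decide whether the logged-in visitor may view the page.
 *
 * Access is denied by default. A visitor is accepted when one of these holds:
 *   - $strUsers is empty (no user list configured): any logged-in visitor passes;
 *   - $UserName is listed in $strUsers;
 *   - $UserGroup is listed in $strGroups.
 *
 * Matching is done on strings with strict comparison. explode() on an empty
 * list yields one empty entry, and a loose in_array() would let an unset or
 * empty group match it, so empty entries are dropped and an empty group never
 * matches.
 *
 * @param string $strUsers  Comma-separated user names allowed on the page ("" = no list).
 * @param string $strGroups Comma-separated groups allowed on the page.
 * @param mixed  $UserName  User name stored in the session; empty means not logged in.
 * @param mixed  $UserGroup Group stored in the session for that user.
 * @return bool True when access is granted.
 */
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
  // For security, start by assuming the visitor is NOT authorized:
  // no session user name means nobody is logged in.
  if (empty($UserName)) {
    return false;
  }

  // Without a user list every logged-in visitor is accepted. The generated
  // code spelled this as `($strUsers == "") && true`; the constant is a no-op.
  if ($strUsers == "") {
    return true;
  }

  // Parse the lists, discarding the empty entries explode() produces.
  $arrUsers = array_filter(explode(",", (string) $strUsers), 'strlen');
  $arrGroups = array_filter(explode(",", (string) $strGroups), 'strlen');

  if (in_array((string) $UserName, $arrUsers, true)) {
    return true;
  }

  // An unset or empty group is never treated as a member of any group.
  if ($UserGroup !== null && $UserGroup !== "" && in_array((string) $UserGroup, $arrGroups, true)) {
    return true;
  }

  return false;
}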

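// Visitors without an authorized session are redirected to the login page.
// The page they asked for travels along in the "accesscheck" parameter.
$MM_restrictGoTo = "../../private/login.php";
// The group may be absent from the session; read it without an undefined-index notice.
$MM_sessionGroup = isset($_SESSION['MM_UserGroup']) ? $_SESSION['MM_UserGroup'] : "";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("", $MM_authorizedUsers, $_SESSION['MM_Username'], $MM_sessionGroup)))) {
  $MM_qsChar = "?";
  // PHP_SELF and QUERY_STRING come from the request, so the referrer is untrusted.
  // It is URL-encoded below.
  // NOTE(review): the login page (not shown) should accept only local paths
  // from "accesscheck" before redirecting back to it.
  $MM_referrer = $_SERVER['PHP_SELF'];
  // strpos() returns 0 for a match at the first character, so compare against
  // false explicitly instead of relying on truthiness.
  if (strpos($MM_restrictGoTo, "?") !== false) {
    $MM_qsChar = "&";
  }
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) {
    $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  }
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo);
  // Stop here so none of the protected page below runs for this visitor.
  exit;
}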
?>
<?php
// Connection include; presumably defines $diaemprendedor and
// $database_diaemprendedor, which the update queries below use — not shown here.
require_once '../../Connections/diaemprendedor.php';
// Ask the server to use UTF-8 for this connection. No link is passed, so the
// most recently opened connection is used.
// NOTE(review): SET NAMES does not tell the client library about the charset,
// and mysql_real_escape_string() escapes according to the library's setting.
// mysql_set_charset() is the documented way to change both — confirm before switching.
mysql_query("SET NAMES 'utf8'");
// seek.php is expected to provide urlFesedecode(), used further down (not shown).
require_once 'seek.php';
?>
<?php
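if (!function_exists("GetSQLValueString")) {
/**
 * Turn a request value into a literal that can be placed in an SQL statement.
 *
 * The value is escaped with the legacy mysql extension. No link is passed, so
 * the most recently opened connection and its character set are used. It is
 * then formatted according to $theType:
 *   - "text", "date": quoted string, or NULL when empty;
 *   - "long", "int":  integer via intval(), or NULL when empty;
 *   - "double":       float via doubleval(), or NULL when empty;
 *   - "defined":      $theDefinedValue when the value is non-empty, otherwise
 *                     $theNotDefinedValue. Both are returned as given and are
 *                     NOT escaped, so callers must pass fixed literals only.
 * Any other type is quoted like "text". Escaping alone does not make an
 * unquoted string safe inside a statement, so unknown types fail closed.
 *
 * NOTE(review): this depends on ext/mysql, which no longer exists in PHP 7+.
 * Prepared statements (mysqli or PDO) remove the need for this helper.
 *
 * @param mixed  $theValue           Raw value, typically from $_POST or $_SESSION.
 * @param string $theType            One of "text", "long", "int", "double", "date", "defined".
 * @param string $theDefinedValue    Result for "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Result for "defined" when the value is empty.
 * @return mixed SQL literal: a quoted string, a number, or the string "NULL".
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  // magic_quotes_gpc was removed in PHP 5.4, so only older runtimes can have
  // added slashes that need undoing. version_compare() avoids comparing the
  // version string with a number.
  if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
    $theValue = stripslashes($theValue);
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
    case "text":
    case "date":
    default:
      // Unknown types are quoted too: an escaped but unquoted string would
      // still be read as SQL rather than as data.
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
  }
  return $theValue;
}
}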
?>
<?php
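	// Upload bookkeeping: build the stored file name for the posted document and
	// record it in the `proyecto` row of the project held in the session.
	// $rnm_documento stays NULL unless one of the three known forms was posted.
	$tp_documento=NULL;
	$rnm_documento=NULL;
	$catText=NULL;
	$charToBeReplaced=array("Á","É","Í","Ó","Ú","Ñ","á","é","í","ó","ú");
	$charToReplace=array("A","E","I","O","U","N","a","e","i","o","u");
	// NOTE(review): defined but never applied anywhere in this file.
	$deniedCharacter=array ("."," ","-","_","(",")","\\","/","\"");

	// The category id is posted in encoded form. urlFesedecode() is not defined
	// in this file and presumably comes from seek.php.
	$cat = isset($_POST['idCategoria']) ? urlFesedecode($_POST['idCategoria']) : NULL;

	// Map the category id to the tag embedded in the stored file name.
	switch($cat){
		case 1:
			$catText = "-IDN-";
			break;
		case 2:
			$catText = "-PE-";
			break;
		case 3:
			$catText = "-EG-";
			break;
		default:
			$catText ="-N/A-";
			break;
	}

	// Denylist of fragments that are rewritten to ".txt" in the client-supplied name.
	// NOTE(review): a denylist cannot enumerate every extension the web server may
	// execute. Prefer an allowlist of the document types the site accepts, and
	// serve ../../proyecto/ with script execution disabled.
	$extensionDenied = array(".php",".css",".xls",".csv",".exe",".bat", ".sql",".html",".js",".htm","htm","xml",".asp",".aspx",">","<","?","include",".phtml",".zip",".exe",".tar","rar");

	// The original file name is chosen by the client. Read it only when present,
	// and drop path separators and NUL bytes so it cannot address another directory.
	$uploadedName = (isset($_FILES['archivo']['name'][0]) && is_string($_FILES['archivo']['name'][0]))
		? str_replace(array("/", "\\", "\0"), "", $_FILES['archivo']['name'][0])
		: "";
	// The denylist is matched case-insensitively. A case-sensitive match would
	// let a mixed-case spelling of a denied extension through unchanged.
	$fileName=str_ireplace($extensionDenied,".txt",str_ireplace($charToBeReplaced,$charToReplace,$uploadedName));

	// Each upload form maps to a fixed name prefix and a fixed column of `proyecto`.
	// The column name comes from this table only, never from the request.
	$documentForms = array(
		"form_Carta"   => array("C",  "dt_urlCartaIES"),
		"form_Resumen" => array("RE", "dt_urlResumen"),
		"form_Extenso" => array("E",  "dt_urlExtenso"),
	);
	$postedForm = (isset($_POST["MM_update"]) && is_string($_POST["MM_update"])) ? $_POST["MM_update"] : "";
	// Project id as stored in the session; presumably set at login — verify against the login page.
	$idProyecto = isset($_SESSION['MM_idProyect']) ? $_SESSION['MM_idProyect'] : "";

	// Touch the database only for a known form that actually carried a file name.
	if (isset($documentForms[$postedForm]) && $fileName !== "") {
		list($docPrefix, $docColumn) = $documentForms[$postedForm];
		$rnm_documento = $docPrefix.$catText;
		$updateSQL = sprintf("UPDATE proyecto SET ".$docColumn."=%s WHERE idPROYECTO=%s",
							 GetSQLValueString($rnm_documento.$idProyecto."_".$fileName, "text"),
							 GetSQLValueString($idProyecto, "int"));
		mysql_select_db($database_diaemprendedor, $diaemprendedor);
		$Result1 = mysql_query($updateSQL, $diaemprendedor);
		if ($Result1 === false) {
			// Keep the driver's error text in the server log. Sending it to the
			// browser would disclose schema and query details.
			error_log("proyecto document update failed: ".mysql_error($diaemprendedor));
			die("El archivo no se ha guardado correctamente");
		}
		// NOTE(review): the row is updated before the file is stored further down,
		// so a failed copy leaves the row pointing at a file that does not exist.
		// The name used on disk is the Latin-1 form of the name stored in the database.
		$rnm_documento.=$idProyecto."_".utf8_decode($fileName);
	}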

?>
<html>
<head>
<title>Guardar</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="shortcut icon" href="stylesheet/img/devil-icon.png"> <!--Pemanggilan gambar favicon-->
<link rel="stylesheet" type="text/css" href="../../css/mos-style.css"> <!--pemanggilan file css-->
</head>

<body>
<div id="header">
	<div class="inHeader">
	  <div class="clear"></div>
  </div>
</div>

<div id="wrapper">
	<div id="leftBar">
	
	</div>
  <div id="rightContent">
	<h3>GUARDAR</h3>
    <form action="../../private/index.php" method="post" name="formSaveOk">
	<?php
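// Store the uploaded file(s) under the name computed earlier in the request.
// NOTE(review): the target directory sits next to the site's pages; confirm
// that the web server does not execute scripts from it.
$directorio="../../proyecto/";
// Number of posted files; 0 when the field is missing or is not a multi-file input.
$totalArchivos = (isset($_FILES['archivo']['tmp_name']) && is_array($_FILES['archivo']['tmp_name']))
	? count($_FILES['archivo']['tmp_name'])
	: 0;
for($i=0;$i<$totalArchivos;$i++){
	// Every iteration writes to the same destination, so with several files
	// only the last one remains on disk.
	$destino = $directorio.$rnm_documento;

	// Proceed only when a target name was computed (a known form was posted)
	// and PHP reports that this upload completed without error.
	$subidaValida = !empty($rnm_documento)
		&& isset($_FILES['archivo']['error'][$i])
		&& $_FILES['archivo']['error'][$i] === UPLOAD_ERR_OK;

	// move_uploaded_file() refuses any path that is not a genuine HTTP upload
	// of this request. copy() would act on whatever path it is given.
	if($subidaValida && move_uploaded_file($_FILES['archivo']['tmp_name'][$i],$destino))
	{
		echo "<div class=\"sukses\">
		El archivo se ha guardado correctamente</br>
		
	  </div>";
		
	}else{
		echo "<div class=\"gagal\">
		El archivo no se ha guardado correctamente
		</div>";
		}
}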
?>
		
		
		
		
	
	
	  <table width="95%">
		  <tr><td width="125"></td><td>
			
			<input type="submit" class="button" value="OK">

		  </td></tr>
	  </table>
    </form>
	</div>
<div class="clear"></div>
<div id="footer">
	
</div>
</div>
</body>
</html>